from builtins import str from django.conf import settings from django.contrib.auth import authenticate from django.contrib.auth import forms as auth_forms from django.contrib.auth import login, logout from django.contrib.auth.decorators import login_required from django.shortcuts import redirect, render from django.utils.http import is_safe_url """This enforces the login requirement for non-public pages using the decorator mechanism. https://www.fullstackpython.com/django-contrib-auth-decorators-login-required-examples.html """ class login_required_if_public(object): def __init__(self, f): if settings.PUBLIC_SITE: self.f = login_required(f) else: self.f = f def __call__(self, *args, **kwargs): return self.f(*args, **kwargs) # This is copied from CUYC.cuy.website.view.auth # If we want to do the whole online-email thing, we would also need to copy across the code in these # imported files and delete what is superfluous. # Or we could just load the latest version of django-registration app. #from cuy.club.models import Member, Message #from ..forms import WebsiteLoginForm, WebsiteRegisterForm #from ...common import mail_site_error #from .generic import user_is_active '''The login and logout functions. This is also where we would manage registration: for people wanting to create and validate their individual logon accounts/forgottenpassword''' ############################ # Authentication Functions # ############################ def expologout(request): login_form = auth_forms.AuthenticationForm() logout(request) return render(request, 'login/logout.html', {'form':login_form}) def expologin(request): # GET if not request.method == 'POST': if (not request.user.is_authenticated) or (not request.user.is_active): return render(request, 'login/index.html', {}) else: # going to login page when you are already logged in return render(request, 'tasks.html', {}) # POST username = request.POST['username'] password = request.POST['password'] user = authenticate(username=username, password=password) if user is None: return render(request, 'login/index.html', {'invalid': True, 'username':username}) if not user.is_active: return render(request, 'login/enable.html', {'login_state':'notenabled'}) try: login(request, user) # Should do the ?next= stuff here.. return redirect_after_login(request) except: return render(request, 'errors/generic.html', {}) def redirect_after_login(request): nxt = request.GET.get("next", None) if nxt is None: return redirect(settings.LOGIN_REDIRECT_URL) elif not is_safe_url( url=nxt, allowed_hosts={request.get_host()}, require_https=request.is_secure()): return redirect(settings.LOGIN_REDIRECT_URL) else: return redirect(nxt)